Solved

Random Posword not Updating in Database

Posted on 2004-04-28
7
355 Views
Last Modified: 2008-02-01
Hi there,

The scripts below, remember_me.php and function.inc.php are supposed to generate a random password and update corresponding field in the database.

Once prompted, they generate the random password and sends them to the user's email.  But the generated password is not updated in the database and so the user cannot login.

Can someone help me where I'm going wrong.

remember_me.php Script
===================
<?php
//brians code start here
include "functions.inc.php";
include "error_messages.inc.php";
//action=add means usr pressd the submit button
if ($action =="email")
{
 $error_found=false;
 $error="";
 //start validating the user input
 if($email=="")
 {
  $error_found=true;
  $error.=ERR_EMAIL_BLANK;
 }

if(!$error_found)
{
      {
            //{
            $host="mysql.xcalibre.co.uk";
            $uname="xxxxxx";
            $pass="xxx";
            $database="xxxxx";
            $tablename="g_workers";

            $connect= mysql_connect($host,$uname,$pass) or die("Could not connect you to Bizafrican Database! <br>");

            $selectdb=mysql_select_db($database) or die("Could not select the Bizafrican Database for you");

            $mingle   = "decode(password, '".$password."')";  
            $sqlquery = ("select email,username, " .$mingle. " as password from g_workers where email ='".$email ."' ");
            $queryresult = mysql_query($sqlquery,$connect)or die("could not execute the query.");
            if ($row = mysql_fetch_array($queryresult))
            {
            $email =  $row["email"];
            $from     = "dba@guardwise.com";
            $subject  =  "Guardwise.com - Important message for you";
            $message  =  "Your username is:  ". $row["username"]."\n".
                               "Your password is:  ". new_password($row["username"])."\n";//edited here              
            $message   .=  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.\n
 DBA/Support";
             
            mail($email,$subject,$message,"From: sssssssss.com <dba@ssssssssss.com>");
            Header("Location: http://www.sssssss.com/remember_done.htm");
            exit;
            }
            else
            {

              $error_found=true;
              $error.=ERR_EMAIL_NONE;
            }
      }
}
}
?>
==========================
Functions Script
==========
<?
//this function generate the select box for the selected external file
function makeCombo($optname,$optfile,$optsel,$optex,$optremove='-1000'){ //returns string containing select tag
if(!is_array($optremove)) $optremove=explode(",",$optremove);
$combo="<select name='$optname' $optex>";
include $optfile;

foreach($manutmp as $key => $value){

      $tosel="";
      if($optsel==$key){
      $tosel="selected";
      }
            
      if(in_array($key,$optremove) == false)$combo.="<option value='$key' $tosel>$value\n";
      
      }
$combo.="</select>";
return $combo;
}

//this will return the select value from the select box
function getComboValue($optfile,$optkey){
include $optfile;
return $manutmp[$optkey];
}

//encrypt the password
function encrypt_password($input)
{
 return md5($input);
}

//generate the random password
function new_password ($userid,$length=10) {
      // if you want extended ascii, then add the characters to the array
      $characters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');
      $random_str = "";
      for ($i = 0; $i <= $length; $i++) {
            srand((double)microtime()*1000000);
            $random_chr = round(rand(0, count($characters)-1));
            $random_str .= $characters[$random_chr];
      }
      
      //update the password for the user into  databae
      //update table pasword = encrypt_password($random_str)
       $db_name = "afrika";
$table_name = "biznames";
$connection = @mysql_connect("mysql.xcalibre.co.uk", "bbbbbb", "bbbbb") or die("Couldn't connect.");
        $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
       $sql = "UPDATE $table_name  
              SET  
              password = '". md5($random_str) ."'
              WHERE email = '". $email ."'    
              ";
$result = mysql_query($sql,$connection) or die("Couldn't execute query.");
      return $random_str;
}
?>
0
Comment
Question by:Senyonjo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 10

Accepted Solution

by:
eeBlueShadow earned 125 total points
ID: 10944449
Hi,

Normally, when you have a problem with an SQL query, a good bet is to scho it to screen in testing to see what's wrong.

If you did this in your case, I imagine you'd find that the WHERE clause is looking for a blank email address. Inside a function, variables that you set outside of the function aren't available by default. you have to declare them as global variables for them to be seen inside the function.

There are 2 solutions. The easiest is to put the line "global $email;" as the first line of the new-password function. This will work fine, but a better method would be to pass the email address as a third argument to the function. I'll try and dig out a link explaining why global variables aren't always the best idea, but either of those should work for now.
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10944509
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10944510
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
0
 
LVL 6

Assisted Solution

by:jkna_gunn
jkna_gunn earned 125 total points
ID: 10946917
also make sure that the password field can take the size of an md5 string.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question